Questions from a newbie

Hi

I just installed Avast, and I must say it looks very nice ;D I have a few questions though (I guess my questions have ben answered before, and I did look through some of the forum, but its a big forum :)).

  1. Why does it need the vrdb? I mean, I understand what it does (more or less), but other AV programs doesn’t have something like this (do they?), and they work just fine too. Does Avant always need the vrdb to remove a virus, or is it just so it can remove all vira, which can not normaly be removed? How much space does the vrdb use? I know it depends on the number of files, but what does it write down?

  2. Why does it need to change the pop3 and smtp settings? Again I understand how it works (by routing the mail through Avant), but other AV programs doesn’t do this?

  3. What about the sensitivity settings? Should it be set to normal or high? I just want it to work ;D

Oh yeah btw: THANKS to the Alwil team!

~Frank

Oh yeah, one more thing: Do I need the script blocker which is in the pro edition to be safe? It sound like neat feature, but what does it block?

~Frank

  1. avast! relies heavily on VRDB - without it, it can heal only macroviruses and the viruses supported by the intergrated Virus Cleaner (which are the most common ones).
    The obvious disadvantage is that you must have “clean” records of your files in the VRDB - i.e. you should install avast and build VRDB on a clean computer. The advantage, however, is (appart from the fact that you can heal even unknown infections) that the executable file will be turned exactly into its original state. Other repair methods may remove the virus code, but they won’t be able to restore the file header into the original state - since the information is simply lost. For example, try to fix notepad.exe infected by Elkern/Klez by the usual tools and then start 2 windows of the disinfected exe - I believe they will not work, since the header has been corrupted.
    The information written to the VRDB are the most important parts of the EXE file… I think it’s something like 1kB per (exe) file.

  2. I believe even the other AV programs do that - only they don’t tell you. If you want to scan POP/SMTP traffic, you have to route the traffic to the AV (unless the AV is a firewall simultatenously, maybe).

  3. It works on both cases ;D I believe “Normal” should be enough…

  4. The script blocker scans scripts executed by your browser on HTML pages. Generally, these scripts should be run in a “safe environment” and should not be allowed to get outside and infect your computer. However, some browsers (you know which ones I mean :)) contain bugs - and some viruses exploit them - such as VBS:RedLog for example. If you have an older version of IE without the necessary patches, viewing an infected HTML page will infected your computer. With the Script Blocker, the infection is avoided.

Thanks. It’s great you guys take the time to answer stuff like this ;D

~Frank

4. The script blocker scans scripts executed by your browser on HTML pages. Generally, these scripts should be run in a "safe environment" and should not be allowed to get outside and infect your computer. However, some browsers (you know which ones I mean ) contain bugs - and some viruses exploit them - such as VBS:RedLog for example. If you have an older version of IE without the necessary patches, viewing an infected HTML page will infected your computer. With the Script Blocker, the infection is avoided.

Thanks for this information.

Works the sricptblocker for unknown malware and unknown bugs. For example like a sandbox?

Thanks a lot
and regards

Dirk

For unknown bugs, it should work - it won’t permit the browser to execute the infected script, i.e. the script should not be able to exploit the bugs.
For unknown malware - no. The malware has to be present in the avast! virus database (so that it is identified as malware). However, if a new threat appears, it’s usually added to the virus database quite quickly.

I believe even the other AV programs do that - only they don't tell you. If you want to scan POP/SMTP traffic, you have to route the traffic to the AV (unless the AV is a firewall simultatenously, maybe).

Try most. I love Pc-cillin for example, but if you turn on its e-mail protection it automatically adjust your settings in outlook with out a wizard or notification. I’ve used several others and most do the same thing PC-cillin is one of my favorites for a lot of reasons, but if you don’t disable some of its services it can bog down your internet connection with some of its filters. But it is fast and accurate in realtime and scheduled thats for sure.